CVE-2025-7659
Published: 11 February 2026
Summary
CVE-2025-7659 is a high-severity Origin Validation Error (CWE-346) vulnerability in GitLab CE/EE. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 0.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Timely flaw remediation through patching directly prevents exploitation of the incomplete-validation flaw in GitLab's Web IDE that is tracked as CVE-2025-7659.
Information input validation at Web IDE entry points directly mitigates the origin validation error (CWE-346) that allows unauthenticated token theft.
Vulnerability scanning detects CVE-2025-7659 on affected GitLab versions, enabling timely remediation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An origin validation flaw in the publicly exposed GitLab Web IDE lets an unauthenticated attacker steal tokens (T1528) by exploiting the exposed web application (T1190).
NVD Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE.
Deeper analysis
CVE-2025-7659 is a vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE), affecting all versions from 18.2 prior to 18.6.6, 18.7 prior to 18.7.4, and 18.8 prior to 18.8.4. The flaw arises from incomplete validation in the Web IDE component, enabling an unauthenticated user to steal tokens and access private repositories. It carries a CVSS v3.1 base score of 8.0 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N) and maps to CWE-346 (Origin Validation Error).
The attack is network-reachable and needs no privileges, but it has high attack complexity and requires user interaction. Successful exploitation lets an unauthenticated attacker steal authentication tokens, which grants unauthorized read and potentially write access to private repositories, resulting in high impacts to confidentiality and integrity across a changed scope.
GitLab has remediated the issue via patches in versions 18.6.6, 18.7.4, and 18.8.4, as detailed in their February 10, 2026 patch release notes. Security teams should prioritize upgrading affected instances. Additional technical details are available in GitLab's issue tracker (gitlab.com/gitlab-org/gitlab/-/issues/555440) and the originating HackerOne report (hackerone.com/reports/3234976).
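To check an instance's reported version against the affected ranges stated above, the following helper is an added example (not GitLab's or NVD's code); the version strings fed to it are constructed, and the `/api/v4/version` endpoint mentioned in the comment is the standard GitLab API source for such a string.

```python
"""Decide whether a GitLab CE/EE version string falls inside the ranges
affected by CVE-2025-7659, and which release on that branch fixes it.

Ranges as stated in the advisory: 18.2 <= v < 18.6.6, 18.7 <= v < 18.7.4,
18.8 <= v < 18.8.4. The input is typically the "version" field returned by
GET /api/v4/version, e.g. "18.7.3-ee" (constructed sample value).
"""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, first fixed) pairs: affected when lo <= version < hi.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((18, 2, 0), (18, 6, 6)),
    ((18, 7, 0), (18, 7, 4)),
    ((18, 8, 0), (18, 8, 4)),
]


def parse_version(text: str) -> Version:
    """Parse 'X.Y' or 'X.Y.Z'; edition suffixes such as '-ee' or '-ce' are ignored."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(text: str) -> bool:
    """True when the version lies in any advisory range (so 18.2 through 18.6.5 is affected)."""
    v = parse_version(text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def fixed_version_for(text: str) -> Optional[str]:
    """Smallest patched release covering the instance's branch, or None when not affected.

    An 18.5.x instance has no 18.5 patch in the advisory, so it maps to 18.6.6.
    """
    v = parse_version(text)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(str(part) for part in hi)
    return None
```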
Details
- CWE(s)